Networking with Multiple Guests on VirtualBox

IT Support

I showed up to work on my first day a couple of weeks ago and the first thing that I was given was a company Mac... A Mac!

My absolutely brilliant idea was to ask IT support if I was allowed to wipe the hard drive clean and install my favorite Linux distribution. After giving me the classic thousand-yard stare that every IT dude gives every time you ask for something, he told me that "it was not supported". Long story short, at the end of the first week, I was left with this piece of brushed aluminum brick running some applications that do not even run on Linux but are required by my new company.

Virtualization

Solution? Of course virtualization. Needless to say, this was a complex setup with multiple requirements:

* I want to run a Fedora guest for every day use. There is nothing that can match Konsole running on a bleeding edge distribution out there.
* I also need to run a CentOS guest for certain tasks such as building RPMs and other production related tasks.
* My guest operating systems must be able to utilize the VPN connection provided by the host computer.
* My guest OSes have to communicate with each other.
* Services running on my guest OSes need to be accessible from the outside if necessary.
* I keep the Mac just for establishing a VPN connection and for other company related resources like mail.

I am not going to get into the details of setting up a guest OS in this article. I will primarily focus on the networking setup. You should stop reading at this point and have a look at this superb blog article that documents how each networking option works in VirtualBox.

OK, now that you are back and have an idea about how different network setups work in VirtualBox, we can go over the configuration details to satisfy our requirements.

VPN Access

I have a software token installed on the Mac which provides a two-factor authentication mechanism to establish a VPN connection. The problem is that this is a TUN device, which means that it operates on Layer 3 (Network) packets. This is an important point because we have to select a NAT network adapter in the network settings for our guest OSes. The other option, a bridged network adapter, breaks the VPN setup; this is due to packets being processed on Layer 2 (Datalink), bypassing the VPN setup on Layer 3 (Network).

Inter-Guest OS Communication

The NAT setup to maintain VPN access described above comes with a price. VirtualBox assigns the same IP to all NAT adapter guests, effectively preventing any inter-guest communication. We have to have a different IP for each of our guests to be able to communicate. Luckily, VirtualBox provides multiple adapters for this purpose.

First, define a host-only network under the global VirtualBox network settings. Second, enable the DHCP server for the host-only network so your host provides an IP address to each guest automatically. Finally, under guest network settings, select the host-only network adapter under the Adapter 2 tab. Run the ifconfig command on your guest and you should see two network adapters: one with a NAT setup for VPN access and the other with a unique IP address for communication.

Outside Access for Guest Services

Port forwarding to the rescue. This is the same concept as configuring port-forwarding on a router. The port forwarding configuration section is available under the advanced NAT adapter settings for your guest operating system. See the link above for more information.
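The two-adapter setup and a port forward from the sections above, scripted with VBoxManage as an added example that is not part of the original post. The guest name `fedora`, the interface `vboxnet0`, the 192.168.56.0/24 range and the helper function names are assumptions; the script prints the commands unless `DRY_RUN=0`, and it refuses a forward with an empty host IP because such a rule listens on every host interface.

```shell
#!/bin/sh
# Added example. Prints the VBoxManage calls (DRY_RUN=1, the default) or runs them.
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"   # assumed host-only interface name
DRY_RUN="${DRY_RUN:-1}"

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Validate a forward before creating it. Args: host_ip host_port guest_port
check_forward() {
    for p in "$2" "$3"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if ! { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } 2>/dev/null; then
            echo "bad port: $p" >&2; return 1
        fi
    done
    # VirtualBox documents that host ports below 1024 need root on Unix hosts.
    if [ "$2" -lt 1024 ]; then
        echo "host port $2 is privileged" >&2; return 1
    fi
    # An empty host IP field makes the rule listen on every host interface.
    if [ -z "$1" ]; then
        echo "empty host IP would bind all interfaces" >&2; return 1
    fi
}

# One-time host setup: host-only network plus its DHCP server.
# Assumed address range; use "dhcpserver modify" if a server already exists.
setup_hostonly() {
    run VBoxManage hostonlyif create
    run VBoxManage dhcpserver add --ifname "$HOSTONLY_IF" \
        --ip 192.168.56.100 --netmask 255.255.255.0 \
        --lowerip 192.168.56.101 --upperip 192.168.56.254 --enable
}

# Per guest (powered off): adapter 1 stays NAT for the VPN path, adapter 2 is
# host-only. Args: vm rule_name host_ip host_port guest_port
setup_guest() {
    check_forward "$3" "$4" "$5" || return 1
    run VBoxManage modifyvm "$1" --nic1 nat --nic2 hostonly \
        --hostonlyadapter2 "$HOSTONLY_IF"
    run VBoxManage modifyvm "$1" --natpf1 "$2,tcp,$3,$4,,$5"
}

# Constructed sample: guest "fedora", SSH reachable only from the host itself.
setup_hostonly
setup_guest fedora ssh 127.0.0.1 2222 22
```

To expose a service beyond the host, pass the address of the one host interface that should accept connections instead of `127.0.0.1`.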
